Russia’s FSB Cybersecurity Team Implodes

While the world was watching the United States’ election and the debate over whether or not the Russians hacked the DNC and influenced the election, the Russian Federation was engaged in some of their own housecleaning.

The Federal Security Service of the Russian Federation (FSB; Russian: Федеральная служба безопасности Российской Федерации (ФСБ)) was cleaning house within their Information Security Centre (CDC) – their cybersecurity team. Western media, drawing predominantly from a Kommersant article of 25 January, “Lubyanka Consultant floating in Lefortovo”, learned that two individuals, one the deputy director of the FSB cybersecurity team and the other a senior manager within Kaspersky Labs, had been arrested. While the FSB has not released the charge sheet, they have noted that the two are being held on “suspicion of violation of Art. 275 of the Criminal Code (“treason”)”, and unidentified non-official sources of Kommersant framed the investigation as looking into the allegation that the individuals received money from foreign companies. There is more to the story.

It is alleged that the deputy director of the FSB CDC, Sergey Yuryevich Mikhailov, is associated with the Russian hacking group Humpty Dumpty (Шалтай-Болтай), which over the course of the past few years has been doxing (sharing the personal data of) members of the Putin administration, including Prime Minister Medvedev and Deputy Prime Minister Dvorkovich. It is further alleged that Mikhailov and a professional colleague of his, Ruslan Stoyanov, a senior Kaspersky Labs employee with whom Mikhailov regularly collaborated, feathered their nest by sharing harvested data with western companies.

The FSB CDC’s director, Andrei Gerasimov, who was eligible to retire, is believed to have done so in mid-January 2017. The assumption within Russian media is that the accelerated retirement was directly related to the arrest of his deputy, Mikhailov.

Always one for drama, the FSB did not disappoint. Multiple media outlets are reporting that the arrest of Mikhailov was taken straight out of the pages of the USSR era. Mikhailov was in a staff meeting, when he was bagged (bag over his head) and dragged unceremoniously from the building.

So what’s really going on? Whether or not the relationship to Humpty Dumpty is confirmed, Russian media is associating Humpty Dumpty with the CIA (Central Intelligence Agency), based on nothing more than, “because, who else?”

The FSB’s Paul Wroblewski Investigation

What is clear is that the linchpin between Stoyanov and Mikhailov is the on-again off-again investigation into ChronoPay owner Paul Wroblewski, and, during this investigation, the turf war between the FSB CDC and the special communications group within the FSB (aka Military unit No. 43753). The latter group’s remit covers use of cryptographic equipment and securing Russia’s electronic voting (the irony for a reader in the US is off the charts).

“The FSB has never existed internal squabbles that would lead to criminal prosecution. There is always the possibility of elementary by change leaders, layoffs, changes in the structure of these conflicts to solve. I do not see any intrigue. When two units are unable to find a common language, it is resolved surgically and without the use of procedural measures. The FSB — the powerful power structure, where the creation of precise vertical. Inclusion of third party tools is stupid” – Sergei Mikhailov

Sberbank’s desire to build an all-inclusive national database of personal data, and its having interviewed Mikhailov for this role, may have been a red herring, designed to elicit information from Mikhailov on the means to acquire information which may not be readily available within the already impressive Russian government databases. One can only speculate, until the charge sheets are released, on whether or not the Sberbank discussions provided grist for this fire.

We’ll keep an eye out for the FSB updates. We expect to see the musical chairs within the FSB’s Information Security Center to continue and additional information which may confirm or refute the existence of a “very special relationship” with Kaspersky Labs to be leaked, as the Russian media is spinning up like sharks who taste blood in the water.

Let’s meet the individuals:

Sergei Mikhailov

Sergey Yuryevich Mikhailov (Сергей Юрьевич Михайлов) is the deputy head of the FSB’s CDC. The CDC oversees all of the official Russian efforts against cybercrime in Russia. This includes theft of credit and financial information, personal data leakage, and monitoring of social networks.

It is reported (Constantinople Network) that Mikhailov had been meeting with the leadership of Sberbank, to take a role reporting to Sberbank’s Herman Gref. The role at Sberbank was to create a new online service, and to build the national database of personal data. It should be noted that Gref is considered to be a moderate within Putin’s circle.

Ruslan Stoyanov

Ruslan Stoyanov (Руслан Стоянов), a senior manager within Russian-based “Kaspersky Lab”, leads one of the departments within Kaspersky. Prior to his joining Kaspersky, Stoyanov worked as a manager within Moscow police’s cybersecurity “K-control” team. He worked in the management of special technical activities of the Moscow police. In his role, he worked closely with the FSB and other Russian security elements.

Kaspersky Labs has emphatically distanced themselves from Ruslan Stoyanov and his arrest. Kaspersky’s PR representative, Maria Shirokov, notes that the activities with which he is charged pre-date his being hired by Kaspersky Labs, and that Stoyanov is not part of the company’s leadership team, but is a department head. Russian media notes that Stoyanov worked closely with the FSB’s CDC and enjoyed the trust of the Russian Federation, having been made privy to a great many state secrets.

Stoyanov held the rank of Major within the special technical activities group of the Moscow police (“K” control) prior to joining Kaspersky.

Andrei Gerasimov

Andrei Gerasimov, director of the FSB CDC, is believed to have submitted a mid-January resignation/retirement (some call it an ejection) as a result of the early-December arrest of his deputy, Mikhailov.

Lubyanka and Lefortovo Prison

Moscow Lefortovo Prison

Lubyanka – FSB Headquarters

For now, the two are being shuttled between FSB headquarters at Lubyanka and Lefortovo Prison.

Lefortovo Prison is etched in the minds of every Russian as perhaps the most frightening locale in Russia, given its association with Stalin’s NKVD and the FSB’s predecessor, the KGB. Lefortovo Prison was built in 1881 and is best known as the place of bloody and brutal interrogations and executions during Stalin’s Great Purge. During the final years of the Soviet Union, the KGB used Lefortovo as an investigative isolator center where they detained political prisoners. The bottom line: there is no worse place to sit in Russia than an interrogation room within Lefortovo Prison.

A followup report to this post has been filed 28 January 2017: Russian FSB Cybersecurity Implosion Continues With […]